This document provides an introduction to security testing and ethical hacking. It emphasizes that security testers need basic networking knowledge, an understanding of the web application lifecycle, and a hacker's mindset of curiosity. Most of the work involves manual testing for vulnerabilities like SQL injection and XSS rather than relying on automated tools. Thorough documentation of testing results is also important to provide clear remediation suggestions to developers.
2. BEFORE YOU START!
Basic knowledge of networking.
Life cycle of a web application.
Dedicated mindset of a hacker.
Open mind with curiosity to learn new things.
Don’t depend completely on tools; tools can never replace a human (Security Tester).
Be ready for anything: you might go to jail if your actions run afoul of 3rd-party company or government rules and regulations.
Do not access or do penetration testing on networks which you are not authorized to test or for which you don’t have permission to do so.
http://solidmonster.wordpress.com
5. INFORMATION SECURITY
Background
Basics of Internet and web applications
Information gathering
Platform details, application knowledge, domain knowledge…
Manual testing
SQL Injection, XSS, URL redirection…
Tools
Scanners
Sniffers
Remediation
Suggestions
Documentation
Custom Reports
Risk assessment
6. INFORMATION GATHERING
Information leakage
Whois.com
General contact details (Mail Servers)
List of domain names
Google Dorks
Shared and independent servers
Bing Operator search
Error messages in revealing banner information
7. MANUAL TESTING
Client and Server side validations
SQL Injection (SQLI)
Cross Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
URL Redirection
Broken Authentication and Session Management
E-Shop Lifting
Failure to restrict URL access
Directory Traversal
File Uploads
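Added example (not part of the original slides) for the SQL Injection and server-side validation items above: the vulnerable login query beside its parameterized form and a server-side validation layer, run against a constructed in-memory SQLite table. All names (make_db, login_vulnerable, login_parameterized, validate_credentials, login_validated) are hypothetical.

```python
import sqlite3


def make_db():
    # Constructed demo data. Real applications store password hashes,
    # not plaintext (see A7 "Insecure Cryptographic Storage" on the OWASP slide).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "s3cret"), (2, "bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    # String concatenation: user input is parsed as SQL syntax, so a quote
    # in the input changes the structure of the query (the SQLi finding).
    query = ("SELECT id FROM users WHERE username = '" + username +
             "' AND password = '" + password + "' ORDER BY id")
    return [row[0] for row in conn.execute(query)]


def login_parameterized(conn, username, password):
    # Remediation: placeholders. The driver passes the values separately,
    # so the input can never become part of the SQL text.
    query = "SELECT id FROM users WHERE username = ? AND password = ? ORDER BY id"
    return [row[0] for row in conn.execute(query, (username, password))]


def validate_credentials(username, password):
    """Server-side validation: return a list of errors (empty means acceptable)."""
    errors = []
    if not username.isalnum() or not 1 <= len(username) <= 32:
        errors.append("username must be 1-32 alphanumeric characters")
    if not 1 <= len(password) <= 128:
        errors.append("password must be 1-128 characters")
    return errors


def login_validated(conn, username, password):
    # Validation on top of parameterization: client-side checks can be
    # bypassed, so the server enforces its own rules before touching the DB.
    if validate_credentials(username, password):
        return None  # rejected before any query runs
    return login_parameterized(conn, username, password)
```

A tester's tautology input such as `' OR '1'='1` in the password field makes login_vulnerable return every user id, while the parameterized and validated versions return no match.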
8. AUTOMATED TOOLS
Tools automate the ‘attack’ on the web application/database server: they send protocol-specific requests to the server to test for common vulnerabilities.
How do they work?
Signature based
Phases
Crawl
Audit (attack)
Report
Tools
AppScan – IBM
WebInspect – HP
Acunetix
Nessus
Nmap
Fiddler / Wireshark
9. AUTOMATED TOOLS
Good at
Testing for 100s of common vulnerabilities and misconfigurations that are impractical to test for manually
Regression testing of servers to ensure they stay secure – especially after activities like patching or new code deployment
Ability to schedule automated scanning/testing for off-production hours to avoid conflicts
Not good at
Automated tools are most effective at ‘guessing’ and using known signatures to identify issues
Detailed exploits that require intelligent feedback and analysis
Cannot find business logic bugs
False positives
Cannot depend on a tool blindly
10. REPORTS
Documentation – You can’t just stop with the report generated by an automated tool. You may even have to provide a customized report which explains the findings in a better way.
To make it understandable to the organization (developers).
Mostly PDF formats
NDA – Non Disclosure Agreements
Report
Who tested it?
Disclaimers
Environment details
Summary
Technical Details
Risk of not fixing
Description
Reproduction steps
Suggestions
11. OWASP TOP 10
A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards
12. It’s just a small intro on Security Testing! Though if anyone is interested, feel free to contact me by just searching for me on Google. He knows everything about me. He would help you find my contact details.